And ...
Fine with moving it back to BALUG-Admin (does, after all, at least overlap BALUG, notably BALUG.org DNS and Comcast Business breaking the (5353) redundancy work-around for other things Comcast Business has been known to break (notably with SecurityEdge)).
And Rick, your checks, etc., I don't think you're missing anything. Let me know if, e.g., you need/want me to do anything on, e.g. the 96.86.170.229:5353 side of things.
On Mon, Jun 3, 2024 at 9:36 AM Rick Moen rick@linuxmafia.com wrote:
Quoting Al Whaley (aw009@sunnyside.com):
That security edge feature is no longer optional on Comcast business accounts. However you can log into your Comcast business website portal as yourself and look at your options and very quickly turn security edge off.
Guys, I've moved this back to balug-admin, because I like the record that keeps, and we're not talking about anything that dannot be public. Is that alright?
Good idea about that accursed SecurityEdge "feature". I've now disabled that blasted thing in the Comcast Business account to the extent they permit, I think?
Initial login takes me to https://business.comcast.com/account/dashboard/accounts/689906011127102015Co... where I see Subscribed Services described as "Business Internet Essential 150 Mbps / 25 Mbps" and below that "SecurityEdgeTM", which is a link, following which goes to https://securityedge.comcast.com/#home , showing tab Dashboard, which has nothing adjustable, but move on to tab Settings, page https://securityedge.comcast.com/#settings/profiles . Here, "Web Filters" had a predefined "protection level" of "Light", but one can select "None", which I did.
Scrolling down the page, everything settable is Off, except that section Internet Security has "Malware & Phishing Protection" set to "On", which slide control is greyed out (unchangeable). Subtitle is "Keeps user from compromising the network or their personal data if they accidentally or intentionally access infected web [sic] pages or click on phishing emails." Select Save at the page bottom to implement.
Slide control "Web Filters" at the top of the page now shows Off.
The other tabs, "Block & Allow Lists", "Block Page Construction", "Domain Lookup", and "Scheduled Reports" don't appear to have anything useful for my purposes.
Orange banner at the very top of the page now says: "Web Filter Protection is now off. To safeguarg your network, Malware, Phishing, and Botnet Protection remains on. Learn More [link]."
Following link goes to https://securityedge.comcast.com/#help/turning-web-filters-on-and-off , which is a long documentation page including justifying preventing turning that part off:
Malware, phishing and botnet traffic is generated by malicious software. Protection against this traffic is critical. This is why we do not recommend disabling the Malware and Phishing setting for any user profile. The setting remains enabled even if you turn off Web Filters.
Also notable:
To turn Web Filters on or off, log in to Comcast Business SecurityEdge. On the top right of any page, click the Web Filters toggle switch: from On to Off to deactivate the Protection Level, Block & Allow Lists and Off-Hours Internet Schedule, or from Off to On to activate them. The ^^^ change is applied immediately. ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Noting that final sentence, I now attempt another smoke test, to see if the problem is gone:
$ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Nope.
Noting Al's wording "look at your options and very quickly turn security edge off", I try to see if there's another entry point into the account to do so. What about "My Account" over on the far side of the navbar for https://business.comcast.com/account/account-details/689906011127102015Comca... ?
I see: SUBSCRIBED SERVICES: Business Internet - SecurityEdge
Clicking "Business Internt" takes me to https://business.comcast.com/connectivity/internetdashboard/ , Where Item SECURITYEDGEtm Cybersecurity is shown as "Disabled".
At some point, I tried toggling the "Web Filters" toggle from the Off to the On position, and then back to Off. This resulted in my losing connectivity to my server for a few minutes, getting Network Unreachable on my ssh reconnection. I infer that the "modem" device was resetting.
I continute to get... $ dig -p 5353 @96.86.170.229 balug.org ;; connection timed out; no servers could be reached $
Al, Michael, am I missing a trick, here?